Who we are
KNOC is operated by the team behind the KNOC product (referred to here as "we", "us", or "KNOC"). Our service connects a person who scans a QR code at a door (the "visitor") with the person who owns or manages that door (the "owner").
If you have privacy questions or want to exercise the rights described below, you can reach us at the contact address at the bottom of this page.
What we collect
We try to collect only what the service genuinely needs. There are three categories of data:
- Owner account data: email, name, password (stored as a salted hash, never in plain text), authentication identifiers from Google or Apple if you use social sign-in, profile photo if your social provider supplies one, language and timezone preferences, quiet-hours settings, billing identifiers if you upgrade to a paid plan.
- Visitor submission data: anything a visitor chooses to send when they scan a door โ photo, audio recording, text message, phone number โ plus the door they sent it to and an approximate location derived from network signals.
- Technical data: IP address (used for approximate location and abuse protection), browser/user-agent string, device push-notification tokens, basic timestamps, and operational logs.
How we use it
We use this data to deliver the doorbell experience: showing the visitor's message to the owner, letting the owner reply, sending push notifications, enforcing service hours and quiet hours, and protecting against abuse.
We do not sell personal information. We do not use visitor submissions to train machine-learning models. We do not share owner contact details with visitors or with each other.
Sensitive data
KNOC collects information that is treated as sensitive personal information under several privacy laws โ for example, audio recordings, photos that include faces, and approximate location. We treat this data with extra care: it is encrypted in transit, scoped to the people who need to see it (the owner of the door it was sent to, and the operations team for support and abuse review), and is automatically removed at the end of the retention window for your plan.
If you live in a jurisdiction that gives you the right to opt out of the "sale" or "sharing" of sensitive information, you can exercise that right by contacting us. We do not sell or share sensitive information for cross-context advertising.
Service providers we share data with
We use a small number of vetted service providers to run the service. They process data only on our behalf and only for the purposes listed:
- Cloud storage: photos, audio, and other large objects are stored on Amazon S3 (AWS). Files are accessed via short-lived signed URLs.
- Push notifications: Firebase Cloud Messaging (Google) delivers notifications to owner devices.
- Text messaging: when an owner replies and the visitor opted in, we send a follow-up text via Twilio.
- Billing: paid subscriptions are processed by Stripe. We never see or store full credit-card numbers.
- Sign-in: Google Sign-In and Sign in with Apple, when an owner chooses one of those options at signup.
How long we keep data
Free-tier accounts: visitor submissions are visible for the most recent ten knocks within a seven-day window. Paid accounts: extended visibility within the retention window for your plan. After the visibility window expires, files and details are deleted from the active system.
Some data may be retained longer when required by law (for example, if a knock event becomes part of a legal investigation in a jurisdiction that requires preservation), or for short fraud-prevention purposes. Specific retention floors vary by country.
When you delete your owner account, we mark it for deletion and permanently destroy your data after a 30-day grace period unless we are required to retain a specific record by law.
Your rights
Depending on where you live, you may have the right to: access the personal information we hold about you, correct inaccurate data, delete your data, restrict or object to certain processing, receive a portable copy of your data, and opt out of any "sale" or "sharing" of your information (we do not engage in either).
Owners can exercise most of these rights directly inside the app โ the Settings page lets you update your details, change your preferences, and schedule the deletion of your account. Visitors can request the same rights by contacting us with the door slug and an approximate timestamp of their submission so we can find the right record.
Children
KNOC is not directed at children. We do not knowingly collect personal information from children under 13 (or the equivalent age in your country). If you believe a child has submitted personal information through KNOC, please contact us and we will delete the record.
International data transfers
KNOC is built and operated for use across the Americas. Depending on your country and the cloud regions our service providers use, your data may be processed in a country other than your own. Where required by local law, we use contractual safeguards to protect data during these transfers.
How we protect your data
We use industry-standard practices: encryption in transit, encryption at rest where supported by our storage providers, scoped access controls inside the app, short-lived signed URLs for media files, and operational monitoring. No system is perfectly secure, and we will notify affected users in line with applicable law if a breach poses a real risk to them.
Changes to this policy
We may update this policy as the service evolves or as the law changes. The "Last updated" date at the bottom of this page reflects the most recent revision. Material changes will be highlighted on the homepage or in the app for a reasonable period before they take effect.
Contact
You can contact us about privacy at [contact email โ TBD]. Please include enough detail for us to identify your record (for owners: the email tied to your account; for visitors: the door slug and an approximate timestamp).